Let’s Encrypt Free SSL Certificate and Nginx on Ubuntu

Encryption For The Masses by Let’s Encrypt

In case you missed the chatter, Let’s Encrypt is a new Certificate Authority providing Free SSL Certificate by automated process and best of all, Open.

Which means, you don’t need to pay for a Certificate for your Site to get a Certificate issued, you can use the Free SSL Certificate provided by Let’s Encrypt.

If you can’t wait till December 3, 2015 – by then they will be open for their Public Beta go ahead and Sign Up for their Limited Closed Beta.

I signed up two weeks ago, got my Closed Beta invite whitelisting few domains, two days ago and decided to play with it today.

Their client makes it pretty easy for one to get the Certificate and in few minutes you have your server up and running with SSL – Following these steps might make it much easier.

Installing Git

If you don’t have git installed already, you’d need it.

sudo apt-get update
sudo apt-get install git

That should get git installed in your server and before you begin, stop nginx – This would throw errors as the it would prevent from binding to port 80

Stopping Nginx

sudo service nginx stop

Downloading Let’s Encrypt Client

Now let’s move towards some real action by downloading the Let’s Encrypt Client

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Generating Let’s Encrypt Free SSL Certificate

The nifty letsencrypt-auto tool is used to update and manage dependencies in a Python Virtual Environment. You can run the command as a normal user and it will prompt when there is a need for su permissions.

Running this would set up the environment and install dependencies and you’d be asked for your email address for notifications and Key Recovery.

It would next ask you read the Terms of Service and you’d have to Accept to proceed.

Next you’d be prompted to input your domains that were whitelisted and emailed to you. You can separate them using commas or spaces. Alternatively, you could specify them in the command by using the -d your_domain.tld – That’d look like this: